[Freeipa-users] DNS Replication Validation

Aric Wilisch awilisch at gmail.com
Thu Sep 24 15:24:42 UTC 2015


Is there a way of exporting the DNS information out of Freeipa? Then I could just do a diff on the export from master and replica. 

> On Sep 24, 2015, at 11:13 AM, Martin Basti <mbasti at redhat.com> wrote:
> 
> 
> 
> On 09/24/2015 05:02 PM, Rich Megginson wrote:
>> On 09/24/2015 08:53 AM, Martin Basti wrote:
>>> 
>>> 
>>> On 09/24/2015 04:43 PM, Rich Megginson wrote:
>>>> On 09/24/2015 08:32 AM, Aric Wilisch wrote:
>>>>> I need a way to validate that both the primary and the redundant FreeIPA server’s DNS zones are in sync. What’s the simplest way for me to do this?
>>>> 
>>>> Do a DNS query to confirm that the SOA record for the primary is identical to the SOA for the secondary.
>>> 
>>> SOA serials are not replicated.
>> 
>> So with IPA you can have a master DNS and a replica DNS that have different SOA?
> Just SOA serial, other records are replicated.
> 
>> 
>> Then the records are replicated using the standard IPA dirsrv replication protocol?
>> 
>> In that case, doesn't ipa-replica-manage have a way to ask if the replicas are in sync?
> I don't think that ipa-replica-manage is capable of detecting if replicas are in sync.
> AFAIK this feature is planned for future IPA versions.
> Inspecting the DS error log may help to find replication issues if any.
> 
> Martin
> 
>> 
>>> 
>>> You can get all records via AXFR, and compare them per zone.
>>> 
>>> Maybe you can use python-dns to do the comparison
>>> 
>>> http://www.dnspython.org/examples.html
>> 
>> That seems pretty heavyweight if there are a lot of records.
>> 
>>> 
>>> HTH
>>> Martin
>>>> 
>>>>> 
>>>>> My boss won’t let me continue with an upgrade until he’s sure the primary and redundant servers have the same DNS records and are in sync. I’ve tried finding documentation on this but keep coming up blank.
>>>>> 
>>>>> Thanks in advance.
>>>>> 
>>>> 
>>> 
>> 
> 
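
Added example, not part of the thread and not FreeIPA code: one way to do the per-zone AXFR comparison suggested above with dnspython, masking the SOA serial since it is not replicated. It assumes both servers permit zone transfers to the host running it and that the servers are given as IP addresses; the function names and the sample records are constructed for illustration.

```python
"""Diff one DNS zone as served by two FreeIPA servers, ignoring the SOA serial."""
import sys


def fetch_zone(server_ip, zone):
    """AXFR `zone` from `server_ip`; return {(owner, ttl, type, rdata), ...}."""
    # dnspython is third-party; imported here so the comparison runs without it.
    import dns.query, dns.rdatatype, dns.zone
    xfr = dns.zone.from_xfr(dns.query.xfr(server_ip, zone))
    return {(str(name), ttl, dns.rdatatype.to_text(rdata.rdtype), rdata.to_text())
            for name, ttl, rdata in xfr.iterate_rdatas()}


def mask_soa_serial(record):
    """SOA rdata is 'mname rname serial refresh retry expire minimum'."""
    owner, ttl, rtype, rdata = record
    if rtype == "SOA":
        fields = rdata.split()
        fields[2] = "<serial>"  # per-server value, not replicated
        rdata = " ".join(fields)
    return (owner, ttl, rtype, rdata)


def diff_zones(master, replica):
    """Return (only_on_master, only_on_replica) as sorted lists of records."""
    a = {mask_soa_serial(r) for r in master}
    b = {mask_soa_serial(r) for r in replica}
    return sorted(a - b), sorted(b - a)


# Constructed sample records (documentation names and addresses), used offline.
_SOA = "ipa1.example.test. hostmaster.example.test. %d 3600 900 1209600 3600"
SAMPLE_MASTER = {("@", 86400, "SOA", _SOA % 1443108282),
                 ("@", 86400, "NS", "ipa1"),
                 ("web", 1200, "A", "192.0.2.10")}
SAMPLE_REPLICA = {("@", 86400, "SOA", _SOA % 1443108301),
                  ("@", 86400, "NS", "ipa1"),
                  ("web", 1200, "A", "192.0.2.11")}

if __name__ == "__main__":
    if len(sys.argv) == 4:  # usage: script MASTER_IP REPLICA_IP ZONE
        master, replica = (fetch_zone(ip, sys.argv[3]) for ip in sys.argv[1:3])
    else:
        master, replica = SAMPLE_MASTER, SAMPLE_REPLICA
    only_master, only_replica = diff_zones(master, replica)
    for tag, recs in (("master only", only_master), ("replica only", only_replica)):
        for rec in recs:
            print(tag + ":", *rec)
    sys.exit(1 if only_master or only_replica else 0)
```

The exit status is non-zero when any record other than the SOA serial differs, so the script can gate an upgrade step; run it once per zone.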




